Android Malware Identification and Polymorphic Evolution Via Graph Representation Learning

Miguel Quebrado; Edoardo Serra; Alfredo Cuzzocrea

doi:10.1109/BigData52589.2021.9671437

Android Malware Identification and Polymorphic Evolution Via Graph Representation Learning

Miguel Quebrado, Edoardo Serra, Alfredo Cuzzocrea

Computer Science Department

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

Developing techniques to identify malware is critical. The polymorphic nature of malware makes it difficult to detect, especially if the detection is done with Hash-based based techniques. Image-based binary representations have been shown to be more robust to popular polymorphic obfuscation techniques. In contrast to image-based techniques, in this paper, we employed a graph-based technique that extracts control flow graphs from Android APK binary. To process the resulting graph, we use a procedure combining a new graph representation learning method, called Inferential SIR-GN for Graph representation, that preserves graph structural similarities, with XGboost, which is a standard machine learning model. Then, we apply this procedure to MALNET, which is a publicly available cybersecurity database that provides image and graph-based Android APK binary representations for a total 1,262,024 million Android APK binary with 47 types and 696 families. Experimental results show that this graph-based procedure is even more accurate than the image-based approach. Moreover, this paper provides a procedure that, by leveraging Inferential SIR-GN is able to create malware polymorphic evolution representations to use during the train of the XGboost that strengthens the malware classification tasks when the train and test datasets are split temporally according to the binary creation date. This means that our procedure can predict malware polymorphic evolution.

Original language	English
Title of host publication	Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021
Editors	Yixin Chen, Heiko Ludwig, Yicheng Tu, Usama Fayyad, Xingquan Zhu, Xiaohua Tony Hu, Suren Byna, Xiong Liu, Jianping Zhang, Shirui Pan, Vagelis Papalexakis, Jianwu Wang, Alfredo Cuzzocrea, Carlos Ordonez
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	5441-5449
Number of pages	9
ISBN (Electronic)	9781665439022
DOIs	https://doi.org/10.1109/BigData52589.2021.9671437
State	Published - 2021
Event	2021 IEEE International Conference on Big Data, Big Data 2021 - Virtual, Online, United States Duration: 15 Dec 2021 → 18 Dec 2021

Publication series

Name	Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021

Conference

Conference	2021 IEEE International Conference on Big Data, Big Data 2021
Country/Territory	United States
City	Virtual, Online
Period	15/12/21 → 18/12/21

Keywords

Malware Polymorphism
Neural Networks
Obfuscation
Structural Graph Representation Learning

Access to Document

10.1109/BigData52589.2021.9671437

Cite this

Quebrado, M., Serra, E., & Cuzzocrea, A. (2021). Android Malware Identification and Polymorphic Evolution Via Graph Representation Learning. In Y. Chen, H. Ludwig, Y. Tu, U. Fayyad, X. Zhu, X. T. Hu, S. Byna, X. Liu, J. Zhang, S. Pan, V. Papalexakis, J. Wang, A. Cuzzocrea, & C. Ordonez (Eds.), Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021 (pp. 5441-5449). (Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/BigData52589.2021.9671437

Quebrado, Miguel ; Serra, Edoardo ; Cuzzocrea, Alfredo. / Android Malware Identification and Polymorphic Evolution Via Graph Representation Learning. Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021. editor / Yixin Chen ; Heiko Ludwig ; Yicheng Tu ; Usama Fayyad ; Xingquan Zhu ; Xiaohua Tony Hu ; Suren Byna ; Xiong Liu ; Jianping Zhang ; Shirui Pan ; Vagelis Papalexakis ; Jianwu Wang ; Alfredo Cuzzocrea ; Carlos Ordonez. Institute of Electrical and Electronics Engineers Inc., 2021. pp. 5441-5449 (Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021).

@inproceedings{93752e53a6644cdd98a040ea05ec95fa,

title = "Android Malware Identification and Polymorphic Evolution Via Graph Representation Learning",

abstract = "Developing techniques to identify malware is critical. The polymorphic nature of malware makes it difficult to detect, especially if the detection is done with Hash-based based techniques. Image-based binary representations have been shown to be more robust to popular polymorphic obfuscation techniques. In contrast to image-based techniques, in this paper, we employed a graph-based technique that extracts control flow graphs from Android APK binary. To process the resulting graph, we use a procedure combining a new graph representation learning method, called Inferential SIR-GN for Graph representation, that preserves graph structural similarities, with XGboost, which is a standard machine learning model. Then, we apply this procedure to MALNET, which is a publicly available cybersecurity database that provides image and graph-based Android APK binary representations for a total 1,262,024 million Android APK binary with 47 types and 696 families. Experimental results show that this graph-based procedure is even more accurate than the image-based approach. Moreover, this paper provides a procedure that, by leveraging Inferential SIR-GN is able to create malware polymorphic evolution representations to use during the train of the XGboost that strengthens the malware classification tasks when the train and test datasets are split temporally according to the binary creation date. This means that our procedure can predict malware polymorphic evolution.",

keywords = "Malware Polymorphism, Neural Networks, Obfuscation, Structural Graph Representation Learning",

author = "Miguel Quebrado and Edoardo Serra and Alfredo Cuzzocrea",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 2021 IEEE International Conference on Big Data, Big Data 2021 ; Conference date: 15-12-2021 Through 18-12-2021",

year = "2021",

doi = "10.1109/BigData52589.2021.9671437",

language = "English",

series = "Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "5441--5449",

editor = "Yixin Chen and Heiko Ludwig and Yicheng Tu and Usama Fayyad and Xingquan Zhu and Hu, {Xiaohua Tony} and Suren Byna and Xiong Liu and Jianping Zhang and Shirui Pan and Vagelis Papalexakis and Jianwu Wang and Alfredo Cuzzocrea and Carlos Ordonez",

booktitle = "Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021",

}

Quebrado, M, Serra, E & Cuzzocrea, A 2021, Android Malware Identification and Polymorphic Evolution Via Graph Representation Learning. in Y Chen, H Ludwig, Y Tu, U Fayyad, X Zhu, XT Hu, S Byna, X Liu, J Zhang, S Pan, V Papalexakis, J Wang, A Cuzzocrea & C Ordonez (eds), Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021. Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021, Institute of Electrical and Electronics Engineers Inc., pp. 5441-5449, 2021 IEEE International Conference on Big Data, Big Data 2021, Virtual, Online, United States, 15/12/21. https://doi.org/10.1109/BigData52589.2021.9671437

Android Malware Identification and Polymorphic Evolution Via Graph Representation Learning. / Quebrado, Miguel; Serra, Edoardo; Cuzzocrea, Alfredo.
Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021. ed. / Yixin Chen; Heiko Ludwig; Yicheng Tu; Usama Fayyad; Xingquan Zhu; Xiaohua Tony Hu; Suren Byna; Xiong Liu; Jianping Zhang; Shirui Pan; Vagelis Papalexakis; Jianwu Wang; Alfredo Cuzzocrea; Carlos Ordonez. Institute of Electrical and Electronics Engineers Inc., 2021. p. 5441-5449 (Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Android Malware Identification and Polymorphic Evolution Via Graph Representation Learning

AU - Quebrado, Miguel

AU - Serra, Edoardo

AU - Cuzzocrea, Alfredo

PY - 2021

Y1 - 2021

N2 - Developing techniques to identify malware is critical. The polymorphic nature of malware makes it difficult to detect, especially if the detection is done with Hash-based based techniques. Image-based binary representations have been shown to be more robust to popular polymorphic obfuscation techniques. In contrast to image-based techniques, in this paper, we employed a graph-based technique that extracts control flow graphs from Android APK binary. To process the resulting graph, we use a procedure combining a new graph representation learning method, called Inferential SIR-GN for Graph representation, that preserves graph structural similarities, with XGboost, which is a standard machine learning model. Then, we apply this procedure to MALNET, which is a publicly available cybersecurity database that provides image and graph-based Android APK binary representations for a total 1,262,024 million Android APK binary with 47 types and 696 families. Experimental results show that this graph-based procedure is even more accurate than the image-based approach. Moreover, this paper provides a procedure that, by leveraging Inferential SIR-GN is able to create malware polymorphic evolution representations to use during the train of the XGboost that strengthens the malware classification tasks when the train and test datasets are split temporally according to the binary creation date. This means that our procedure can predict malware polymorphic evolution.

AB - Developing techniques to identify malware is critical. The polymorphic nature of malware makes it difficult to detect, especially if the detection is done with Hash-based based techniques. Image-based binary representations have been shown to be more robust to popular polymorphic obfuscation techniques. In contrast to image-based techniques, in this paper, we employed a graph-based technique that extracts control flow graphs from Android APK binary. To process the resulting graph, we use a procedure combining a new graph representation learning method, called Inferential SIR-GN for Graph representation, that preserves graph structural similarities, with XGboost, which is a standard machine learning model. Then, we apply this procedure to MALNET, which is a publicly available cybersecurity database that provides image and graph-based Android APK binary representations for a total 1,262,024 million Android APK binary with 47 types and 696 families. Experimental results show that this graph-based procedure is even more accurate than the image-based approach. Moreover, this paper provides a procedure that, by leveraging Inferential SIR-GN is able to create malware polymorphic evolution representations to use during the train of the XGboost that strengthens the malware classification tasks when the train and test datasets are split temporally according to the binary creation date. This means that our procedure can predict malware polymorphic evolution.

KW - Malware Polymorphism

KW - Neural Networks

KW - Obfuscation

KW - Structural Graph Representation Learning

UR - http://www.scopus.com/inward/record.url?scp=85125319168&partnerID=8YFLogxK

U2 - 10.1109/BigData52589.2021.9671437

DO - 10.1109/BigData52589.2021.9671437

M3 - Conference contribution

AN - SCOPUS:85125319168

T3 - Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021

SP - 5441

EP - 5449

BT - Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021

A2 - Chen, Yixin

A2 - Ludwig, Heiko

A2 - Tu, Yicheng

A2 - Fayyad, Usama

A2 - Zhu, Xingquan

A2 - Hu, Xiaohua Tony

A2 - Byna, Suren

A2 - Liu, Xiong

A2 - Zhang, Jianping

A2 - Pan, Shirui

A2 - Papalexakis, Vagelis

A2 - Wang, Jianwu

A2 - Cuzzocrea, Alfredo

A2 - Ordonez, Carlos

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2021 IEEE International Conference on Big Data, Big Data 2021

Y2 - 15 December 2021 through 18 December 2021

ER -

Quebrado M, Serra E, Cuzzocrea A. Android Malware Identification and Polymorphic Evolution Via Graph Representation Learning. In Chen Y, Ludwig H, Tu Y, Fayyad U, Zhu X, Hu XT, Byna S, Liu X, Zhang J, Pan S, Papalexakis V, Wang J, Cuzzocrea A, Ordonez C, editors, Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021. Institute of Electrical and Electronics Engineers Inc. 2021. p. 5441-5449. (Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021). doi: 10.1109/BigData52589.2021.9671437

Android Malware Identification and Polymorphic Evolution Via Graph Representation Learning

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this